Allow a signed jar to load scripts which are at least as privileged as the

jar. Bug 428873, r+sr=jst, a=beltzner git-svn-id: svn://10.0.0.236/trunk@250313 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-16 16:03:23 +00:00 · 2008-04-16 16:03:23 +00:00 · 5ef92b9054
commit 5ef92b9054
parent d7e316218f
1 changed files with 5 additions and 5 deletions
--- a/mozilla/content/base/src/nsScriptLoader.cpp
+++ b/mozilla/content/base/src/nsScriptLoader.cpp
@ -891,9 +891,9 @@ nsScriptLoader::ShouldExecuteScript(nsIDocument* aDocument,

  NS_ASSERTION(channelPrincipal, "Gotta have a principal here!");

-  // If the document principal is a cert principal and is not the same
-  // as the channel principal, then we don't execute the script.
-  PRBool equal;
-  rv = docPrincipal->Equals(channelPrincipal, &equal);
-  return NS_SUCCEEDED(rv) && equal;
+  // If the channel principal isn't at least as powerful as the
+  // document principal, then we don't execute the script.
+  PRBool subsumes;
+  rv = channelPrincipal->Subsumes(docPrincipal, &subsumes);
+  return NS_SUCCEEDED(rv) && subsumes;
 }